Fwd: [ PRIVACY Forum ] Windows 10 will share your Wi-Fi key with

Robert Drake rdrake at direcpath.com
Wed Jul 8 17:13:40 UTC 2015



On 7/7/2015 5:39 PM, Joe Greco wrote:
> Unclear at best. The way it is implemented, the user has the potential 
> to go either way. A network might not want the user to have the 
> choice, clearly, but there is certainly a subset of users who will opt 
> out of the feature and I cannot see how those would be in violation of 
> any sane network usage policy. It's certainly a mess in any case.
Now that windows mobile and desktop versions are converging, I doubt 
there is a way to really tell if a device is a PC or a phone or a 
tablet.  Some network administrators banned mobile phones from wifi 
connections because of Google's password storage violating their 
security policy.

Now administrators don't even get that knob.

We could fix it in a couple of ways (or, they could fix it.. depending 
on who pushes around money and if anyone cares enough to bother):

1.  Wifi sends password policy during handshaking.  If you save 
passwords you aren't allowed to connect here (or, you aren't allowed to 
backup/share this password) but we will allow the user to connect.  This 
can be transparent to the user and handled by the OS.*
2.  The client device sends "I am configured to backup/share passwords" 
to the wifi.  This allows the AP to either deny the user outright, or 
redirect them to a page explaining what is wrong or whatever.  This 
might be accomplished via DHCP option if we want to keep it all in software.

* The fact that we need an IEEE level fix for a security problem created 
by Google and then propagated by Microsoft is just pathetic.  These are 
two companies that should know better than to do this.

>
> ... JG




More information about the NANOG mailing list